Load Balance - Docker

Shaun Glass shaunglass at gmail.com
Wed Nov 16 13:24:49 UTC 2016 

Ok ... after some more work I have it as follow and working. I created the
certificates mentioned below as well :

upstream ucp_cluster {
    server 10.12.64.218:444;
    server 10.12.64.219:444;
    server 10.12.64.222:444;
}

server {
    listen 444 ssl;
    server_name docker-poc.domain.com;

    ssl on;
    ssl_certificate /etc/nginx/ssl/docker-poc.domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/docker-poc.domain.com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass https://dtr_cluster/;
        proxy_redirect off;
    }
}

On Tue, Nov 15, 2016 at 4:43 PM, Yuriy Medvedev <medvedev.yp at gmail.com>
wrote:

> Use listen 443 ssl;
>
> 2016-11-15 17:34 GMT+03:00 Shaun Glass <shaunglass at gmail.com>:
>
>> Mmmm ... I gather that would be at the Docker Nodes. Just want nginx that
>> when receiving a connection just connects to either of the 3.
>>
>> On Tue, Nov 15, 2016 at 4:16 PM, Yuriy Medvedev <medvedev.yp at gmail.com>
>> wrote:
>>
>>>
>>> 2016-11-15 17:11 GMT+03:00 Shaun Glass <shaunglass at gmail.com>:
>>>
>>>> proxy_redirect
>>>
>>>
>>> Where you terminate ssl?
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20161116/403f2f94/attachment.html>

More information about the nginx mailing list